Advisory Database Sync

Author: advisory-database[bot]

advisories/github-reviewed/2022/02/GHSA-v3mr-gp7j-pw5w/GHSA-v3mr-gp7j-pw5w.json

@@ -1,12 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-v3mr-gp7j-pw5w",
-  "modified": "2022-02-04T17:26:40Z",
+  "modified": "2026-01-23T21:31:05Z",
   "published": "2022-02-10T22:33:46Z",
   "aliases": [],
   "summary": "Possible SQL injection in tablelookupwizard Contao Extension",
-  "details": "### Impact\nThe currently selected widget values were not correctly sanitized before passing it to the database, leading to an SQL injection possibility.\n\n### Patches\nThe issue has been patched in `tablelookupwizard` version 3.3.5 and version 4.0.0.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in https://github.com/terminal42/contao-tablelookupwizard\n* Email us at [info@terminal42.ch](mailto:info@terminal42.ch)\n",
-  "severity": [],
+  "details": "### Impact\nThe currently selected widget values were not correctly sanitized before passing it to the database, leading to an SQL injection possibility.\n\n### Patches\nThe issue has been patched in `tablelookupwizard` version 3.3.5 and version 4.0.0.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in https://github.com/terminal42/contao-tablelookupwizard\n* Email us at [info@terminal42.ch](mailto:info@terminal42.ch)",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [
     {
       "package": {
@@ -37,6 +42,10 @@
       "type": "WEB",
       "url": "https://github.com/terminal42/contao-tablelookupwizard/commit/a5e723a28f110b7df8ffc4175cef9b061d3cc717"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/terminal42/contao-tablelookupwizard/2022-02-04-1.yaml"
+    },
     {
       "type": "PACKAGE",
       "url": "https://github.com/terminal42/contao-tablelookupwizard"
@@ -46,7 +55,7 @@
     "cwe_ids": [
       "CWE-89"
     ],
-    "severity": "HIGH",
+    "severity": "CRITICAL",
     "github_reviewed": true,
     "github_reviewed_at": "2022-02-04T17:26:40Z",
     "nvd_published_at": null

advisories/unreviewed/2022/05/GHSA-89h9-hfwf-446p/GHSA-89h9-hfwf-446p.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-89h9-hfwf-446p",
-  "modified": "2022-05-24T22:00:23Z",
+  "modified": "2026-01-23T21:30:29Z",
   "published": "2022-05-24T22:00:23Z",
   "aliases": [
     "CVE-2017-18536"
   ],
   "details": "The stop-user-enumeration plugin before 1.3.8 for WordPress has XSS.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -20,7 +25,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-79"
+    ],
     "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2022/05/GHSA-q43p-2mh4-5jv2/GHSA-q43p-2mh4-5jv2.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-q43p-2mh4-5jv2",
-  "modified": "2022-05-24T19:19:58Z",
+  "modified": "2026-01-23T21:30:29Z",
   "published": "2022-05-24T19:19:58Z",
   "aliases": [
     "CVE-2021-24767"
   ],
   "details": "The Redirect 404 Error Page to Homepage or Custom Page with Logs WordPress plugin before 1.7.9 does not check for CSRF when deleting logs, which could allow attacker to make a logged in admin delete them via a CSRF attack",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {

advisories/unreviewed/2024/01/GHSA-m892-r7q3-ww6c/GHSA-m892-r7q3-ww6c.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-m892-r7q3-ww6c",
-  "modified": "2024-01-11T18:31:22Z",
+  "modified": "2026-01-23T21:30:29Z",
   "published": "2024-01-05T06:30:19Z",
   "aliases": [
     "CVE-2024-22087"
@@ -22,6 +22,14 @@
     {
       "type": "WEB",
       "url": "https://github.com/foxweb/pico/issues/31"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/foxweb/pico/commit/7a5e4e242121c839cb77f5b9003e735a852f4e58"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/foxweb/pico/commit/e2d172f"
     }
   ],
   "database_specific": {

advisories/unreviewed/2024/05/GHSA-22j5-63rc-6cq9/GHSA-22j5-63rc-6cq9.json

@@ -1,12 +1,12 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-22j5-63rc-6cq9",
-  "modified": "2024-05-08T15:30:41Z",
+  "modified": "2026-01-23T21:30:30Z",
   "published": "2024-05-08T15:30:41Z",
   "aliases": [
     "CVE-2024-31270"
   ],
-  "details": "Missing Authorization vulnerability in Repute InfoSystems ARForms Form Builder.This issue affects ARForms Form Builder: from n/a through 1.6.1.\n\n",
+  "details": "Missing Authorization vulnerability in Repute InfoSystems ARForms Form Builder.This issue affects ARForms Form Builder: from n/a through 1.6.1.",
   "severity": [
     {
       "type": "CVSS_V3",

advisories/unreviewed/2024/06/GHSA-qqfg-j9g4-4mfh/GHSA-qqfg-j9g4-4mfh.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-qqfg-j9g4-4mfh",
-  "modified": "2024-06-18T06:30:43Z",
+  "modified": "2026-01-23T21:30:30Z",
   "published": "2024-06-18T06:30:43Z",
   "aliases": [
     "CVE-2024-37079"
@@ -22,6 +22,10 @@
     {
       "type": "WEB",
       "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-37079"
     }
   ],
   "database_specific": {

advisories/unreviewed/2025/02/GHSA-84xh-pwc6-7g4g/GHSA-84xh-pwc6-7g4g.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-84xh-pwc6-7g4g",
-  "modified": "2025-11-12T15:31:27Z",
+  "modified": "2026-01-23T21:30:33Z",
   "published": "2025-02-05T18:34:46Z",
   "aliases": [
     "CVE-2025-23419"
@@ -39,7 +39,8 @@
   "database_specific": {
     "cwe_ids": [
       "CWE-287",
-      "CWE-613"
+      "CWE-613",
+      "CWE-863"
     ],
     "severity": "MODERATE",
     "github_reviewed": false,

advisories/unreviewed/2025/05/GHSA-h2mm-jj4p-hm2p/GHSA-h2mm-jj4p-hm2p.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-h2mm-jj4p-hm2p",
-  "modified": "2026-01-23T15:31:34Z",
+  "modified": "2026-01-23T21:30:35Z",
   "published": "2025-05-22T00:34:03Z",
   "aliases": [
     "CVE-2025-34026"
   ],
   "details": "The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing at attacker to access administrative endpoints. The internal Actuator endpoint can be leveraged for access to heap dumps and trace logs.This issue is known to affect Concerto from 12.1.2 through 12.2.0. Additional versions may be vulnerable.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"

advisories/unreviewed/2025/09/GHSA-9c77-w28p-48g4/GHSA-9c77-w28p-48g4.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-9c77-w28p-48g4",
-  "modified": "2025-11-03T18:31:38Z",
+  "modified": "2026-01-23T21:30:36Z",
   "published": "2025-09-05T18:31:16Z",
   "aliases": [
     "CVE-2025-38706"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime()\n\nsnd_soc_remove_pcm_runtime() might be called with rtd == NULL which will\nleads to null pointer dereference.\nThis was reproduced with topology loading and marking a link as ignore\ndue to missing hardware component on the system.\nOn module removal the soc_tplg_remove_link() would call\nsnd_soc_remove_pcm_runtime() with rtd == NULL since the link was ignored,\nno runtime was created.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -56,8 +61,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-476"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-09-04T16:15:39Z"

advisories/unreviewed/2025/09/GHSA-wrfw-2xr6-c3p7/GHSA-wrfw-2xr6-c3p7.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-wrfw-2xr6-c3p7",
-  "modified": "2025-11-03T18:31:38Z",
+  "modified": "2026-01-23T21:30:35Z",
   "published": "2025-09-05T18:31:16Z",
   "aliases": [
     "CVE-2025-38702"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: fix potential buffer overflow in do_register_framebuffer()\n\nThe current implementation may lead to buffer overflow when:\n1.  Unregistration creates NULL gaps in registered_fb[]\n2.  All array slots become occupied despite num_registered_fb < FB_MAX\n3.  The registration loop exceeds array bounds\n\nAdd boundary check to prevent registered_fb[FB_MAX] access.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -44,8 +49,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-787"
+    ],
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-09-04T16:15:38Z"